
The bulletins will be released during Microsoft Patch
Tuesday on April 12. The number of bulletins ties a December 2010 record for security updates
issued.

“This is a huge update and system administrators should plan for deployment as all Windows systems,
including Server 2008 and Windows 7, are affected by critical bulletins,” Amol Sarwate,
manager of the Qualys Inc. vulnerability research lab, wrote on the company blog. “Frequently
used office applications like Excel 2003 through 2010 and PowerPoint 2002 through 2010 are also
affected.”

In its Advance Notification, Microsoft said it would address an MHTML
protocol handler vulnerability in Windows, a flaw that it acknowledged in January.
Proof-of-concept code surfaced, enabling attackers to target the vulnerability. The software giant
issued a temporary workaround, which locks down the MHTML protocol, while engineers worked on a
patch for the issue.

In a message on the Microsoft Security Response Center blog, Pete Voss, senior response
communications manager with Microsoft Trustworthy Computing, said engineers have been testing a
patch to address the issue and have been keeping customers informed.

“We alerted people to this issue with Security Advisory
2501696 (including a Fix-It that fully protected customers once downloaded) back in late
January,” Voss wrote. “In March, we updated the advisory to let people know we were aware of
limited, targeted attacks.”

In addition, Microsoft indicated it would address a flaw in the Windows
Server Message Block (SMB) network and file-sharing protocol that was publicly disclosed Feb.
15. Researchers said the vulnerability could be exploited by remote attackers or malicious users to
cause a denial-of-service (DoS) attack or take control of a vulnerable system.

“Microsoft assessed the situation and reported
that although the vulnerability could theoretically allow remote code execution, that was extremely
unlikely,” Voss wrote. “To this day, we have seen no evidence of attacks.”
